Airheads Community

View Only

last person joined: yesterday

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.

Back to discussions

Expand all | Collapse all

Remove All AAA Config From a Port

Jump to Best Answer

This thread has been viewed 64 times

1. Remove All AAA Config From a Port

0 Kudos
Renier
Posted Oct 28, 2019 10:23 AM

Reply Reply Privately
Dear all,

whats the best practice to remove all AAA config from a profile.
the NO command for the authenticon ( mac/authenticator works) pure functional works but i can remove the following settings
aaa port-access authenticator tx-period 10
aaa port-access authenticator supplicant-timeout 10
aaa port-access authenticator client-limit 10
aaa port-access mac-based addr-limit 10
Thanks

#2930F
2. RE: Remove All AAA Config From a Port
Best Answer

4 Kudos
EMPLOYEE

Herman Robers
Posted Nov 06, 2019 12:06 PM

Reply Reply Privately
For some of the commands on ArubaOS switches, you will need to configure them to the default value in order to disappear. The configuration will show only values that have changed from the default. Example for your case:

sw01(config)# aaa port-access authenticator 5 tx-period 10 sw01(config)# aaa port-access authenticator 5 supplicant-timeout 10 sw01(config)# aaa port-access authenticator 5 client-limit 10 sw01(config)# aaa port-access mac-based 5 addr-limit 10 sw01(config)# show running-config interface 5 Running configuration: interface 5 untagged vlan 6 aaa port-access authenticator tx-period 10 aaa port-access authenticator supplicant-timeout 10 aaa port-access authenticator client-limit 10 aaa port-access mac-based addr-limit 10 exit sw01(config)# aaa port-access authenticator 5 tx-period 30 sw01(config)# aaa port-access authenticator 5 supplicant-timeout 30 sw01(config)# no aaa port-access authenticator 5 client-limit sw01(config)# aaa port-access mac-based 5 addr-limit 1 sw01(config)# show running-config interface 5 Running configuration: interface 5 untagged vlan 6 exit

You can look up the default in the Security Access Guide from the ArubaOS switch configuration.
3. RE: Remove All AAA Config From a Port

1 Kudos
tbb
Posted Nov 08, 2019 11:27 AM

Reply Reply Privately
We partially scripted it and just use this as a template:

no aaa port-access xxx mixed
no aaa port-access mac-based xxx
no aaa port-access authenticator xxx client-limit
no aaa port-access authenticator xxx
no port-security xxx
no spanning-tree xxx root-guard bpdu-protection
int xxx
name "xxx"
untagged vlan xx
ip source-lockdown
disable
enable
exit

TBB
4. RE: Remove All AAA Config From a Port

0 Kudos
G_lepers
Posted Oct 12, 2021 07:59 AM

Reply Reply Privately
Hi,

How can I remove this command : aaa port-access 5 controlled-direction in ?

------------------------------
Glepers
------------------------------

Original Message
5. RE: Remove All AAA Config From a Port

0 Kudos
EMPLOYEE

Emil_G
Posted Oct 12, 2021 11:21 AM

Reply Reply Privately
Hello,

Since the default setting for controlled-direction is "both", you can remove this line from the running config by setting it to both. However you should keep in mind that this setting can only be changed if the port still has authentication enabled on it. If the authentication was already removed the change will fail with the error "Port is not configured with any Authentication."

Here an example

Aruba-Stack-3810M(config)# aaa port-access mac-based 1/1

Aruba-Stack-3810M(config)# aaa port-access 1/1 controlled-direction in

Aruba-Stack-3810M(config)# show run int 1/1

Running configuration:

interface 1/1

   untagged vlan 1

   aaa port-access mac-based

   aaa port-access controlled-direction in

   exit

Aruba-Stack-3810M(config)#

Aruba-Stack-3810M(config)# no aaa port-access mac-based 1/1

Aruba-Stack-3810M(config)# aaa port-access 1/1 controlled-direction both

Port 1/1 is not configured with any Authentication.

You should first set the controlled direction to both and after that remove authentication from the port. Here I am re-enabling mac-based authentication on the port

Aruba-Stack-3810M(config)# aaa port-access mac-based 1/1

And then I am able to set the controlled direction to the default setting of both and remove authentication.

Aruba-Stack-3810M(config)# aaa port-access 1/1 controlled-direction both

Aruba-Stack-3810M(config)# no aaa port-ac mac-based 1/1

Now the command is accepted and the port has the default configuration.

Aruba-Stack-3810M(config)# show run int 1/1

Running configuration:

interface 1/1

   untagged vlan 1

   exit

------------------------------
Emil Gogushev
------------------------------

Original Message
6. RE: Remove All AAA Config From a Port

0 Kudos
G_lepers
Posted Oct 12, 2021 11:37 AM

Reply Reply Privately
Hi Emil_G,

Thanks, it's works.

------------------------------
Glepers
------------------------------

Original Message
7. RE: Remove All AAA Config From a Port

0 Kudos
Seb0815
Posted Mar 16, 2022 02:32 AM

Reply Reply Privately
Tried to remote the following parameter without any success.

aaa port-access authenticator quiet-period 0
aaa port-access authenticator logoff-period 862400
aaa port-access mac-based logoff-period 862400
aaa port-access mac-based quiet-period 30

The NO aaa port-acces authenticator quiet-period/logoff-period interfacenumber doesnt work.
Also tried to disable it on the config mode of the interface

Any ideas?

Original Message
8. RE: Remove All AAA Config From a Port

0 Kudos
EMPLOYEE

Emil_G
Posted Mar 16, 2022 02:49 AM

Reply Reply Privately
Hallo,

Please set the quiet-period to 60 and logoff-period to 300 for both authenticator and mac-based. This are the default values and once they are set the lines should disappear from the config.

------------------------------
Emil Gogushev
------------------------------

Original Message
9. RE: Remove All AAA Config From a Port

0 Kudos
Seb0815
Posted Mar 16, 2022 04:15 AM

Reply Reply Privately
That is it. Thanks a lot.

Original Message
10. RE: Remove All AAA Config From a Port

0 Kudos
EMPLOYEE

Emil_G
Posted Mar 16, 2022 03:05 AM

Reply Reply Privately
Hallo,

Maybe I should give you a more detailed instruction. This commands are not global but applied to an interface. You probably see them under an interface. The command to set the default values assuming we have non default values for mac-based on port 5.

Aruba-2930F-8G-PoEP-2SFPP(config)# show run int 5

Running configuration:

interface 5
untagged vlan 1
aaa port-access mac-based logoff-period 8624000
aaa port-access mac-based quiet-period 30
exit

Aruba-2930F-8G-PoEP-2SFPP(config)#

Aruba-2930F-8G-PoEP-2SFPP(config)# aaa port-access mac-based 5 logoff-period 300

Aruba-2930F-8G-PoEP-2SFPP(config)# aaa port-access mac-based 5 quiet-period 60
Aruba-2930F-8G-PoEP-2SFPP(config)# show run int 5

Running configuration:

interface 5
untagged vlan 1
exit

Aruba-2930F-8G-PoEP-2SFPP(config)#

------------------------------
Emil Gogushev
------------------------------

Original Message
11. RE: Remove All AAA Config From a Port

0 Kudos
Sfaizanahmed91
Posted Jan 05, 2020 06:46 AM

Reply Reply Privately

Wired Intelligent Edge

Remove All AAA Config From a Port

1. Remove All AAA Config From a Port

2. RE: Remove All AAA Config From a Port Best Answer

3. RE: Remove All AAA Config From a Port

4. RE: Remove All AAA Config From a Port

5. RE: Remove All AAA Config From a Port

6. RE: Remove All AAA Config From a Port

7. RE: Remove All AAA Config From a Port

8. RE: Remove All AAA Config From a Port

9. RE: Remove All AAA Config From a Port

10. RE: Remove All AAA Config From a Port

11. RE: Remove All AAA Config From a Port

2. RE: Remove All AAA Config From a Port
Best Answer